Description
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Cross-Site Scripting (1.3.3)
WordPress Plugin Header Footer Code Manager SQL Injection (1.1.13)
WordPress Plugin PWA for WP & AMP Unspecified Vulnerability (1.0.8)
LimeSurvey Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2025-41075)